Kali Linux explained: A pentester’s toolkit

Why it's the most popular penetration testing Linux distro.

Kali Linux logo / gears / binary data
Kali Linux / nevarpp / Getty Images

Kali Linux definition

Kali Linux is the world's most popular offensive-security-optimized Linux distro. Maintained and managed by the fine folks at Offensive Security, Kali was born in 2006 as BackTrack Linux, but after a major refactoring in 2013 got the name Kali. What does the name mean? Well, we'll get to that.

Based on Debian Testing, Kali includes more than 300 security tools, including the big ones like Metasploit, Nmap, and Aircrack-ng, but also a wide variety of more obscure and specialist tools.

Kali is free to download and use but is intended as a specialized Linux distro optimized for penetration testing and not as a day-to-day operating system for checking your email or web browsing or sharing cat gifs on the Book of Faces.

Getting started with Kali

If you're familiar with Linux, especially a Debian flavor like Ubuntu (or, well, Debian) then Kali will seem familiar to you, at least at first. Crack open a terminal and poke around. It's officially recognized as a compliant Debian variant by the Debian Project, and with a default GNOME desktop, looks and feels at first glance like you might expect.

Fast forward to that scene in a World War II movie where a grizzled, cigar-chomping sergeant removes the dusty tarp covering the Big Guns. That's approximately what it feels like to pick up Kali and start playing around with it. Especially since pointing most of these tools at targets without their permission is illegal under the Computer Fraud and Abuse Act (CFAA) in the US and under similar laws around the world, you might feel a little like a baby with a howitzer. Aim wisely.

Again, Kali is not meant for use as a daily default operating system, but for security testing. As such, it is frequently installed as a virtual machine on a laptop, using VMWare or VirtualBox on a Windows, Mac, or even Linux host. Kali also installs nicely as a Qubes VM. If you're new to Kali, download a preconfigured VMWare or VirtualBox VM to get up and running quickly.

Who is Kali for?

Kali is a specialized Linux distro that is meant for experienced Linux users who need an offensive security-focused penetration testing platform. If that does not describe you or your use case, then give the user-friendly Ubuntu or Mint Linux distributions a go instead.

The Kali maintainers don't mince words:

"If you are unfamiliar with Linux generally, if you do not have at least a basic level of competence in administering a system, if you are looking for a Linux distribution to use as a learning tool to get to know your way around Linux, or if you want a distro that you can use as a general purpose desktop installation, Kali Linux is probably not what you are looking for."

Once inside the bailiwick of penetration testing, Kali is the right choice for most offensive security tasks. Advanced users may surface with opinions on alternatives to Kali they prefer, but newcomers to penetration testing need to get Kali under their belt before looking at other options.

Installing Kali meta-packages

So many security tools are available for Kali that they all can't fit into one download. Because many of those tools are specialized for specific hardware or edge use cases, Kali downloads with a bundle of the most commonly used tools and allows users to install meta-packages — Debian packages that include dozens, or even hundreds of packages in that category.

The Kali folks give the example of downloading Kali for a wireless pentesting engagement. Rather than waiting for everything and the kitchen sink to install, an apt-get install kali-tools-wireless command will get you all of Kali's wireless tools, so you're off to the races faster.

The full list of meta-packages includes more than a dozen options to choose from. New Kali users might best start by installing kali-linux-default and maybe kali-tools-top10. If you want All the Things, then kali-linux-everything is your jam, but be prepared for long download times plus tool overload.

Popular Kali tools

Imagine a Swiss Army knife with several hundred gizmos, gewgaws and whatchamacallits. Where do you start? Probably not the tweezers or toothpick. But you'll want the large knife, definitely a can opener, a screwdriver — the basics, the reason you bought the knife in the first place.

For Kali, that means Metasploit, the popular penetration testing framework. That means Nmap (of course), the indispensable port scanner. That means Wireshark, the ubiquitous network traffic analyzer. And of course, Aircrack-ng, for testing WiFi security.

There's more where that came from. Loads more. Want to man-in-the-middle network traffic? There's mitmproxy and Burp (free version) to choose from. Cracking passwords offline? Hashcat and John the Ripper will do the job. SQL injection fun day? Sqlmap is a good place to start. If you're crafting phishing emails as part of an engagement, the social engineering tools — like the Social-Engineer Toolkit (SET) — will help you outwit inattentive employees.

Practice using Kali

Newcomers to Kali should find a suitably legal firing range at which to point their new arsenal of tools. Popular services like VulnHub and HacktheBox offer free/cheap VPN access to dozens of vulnerable boxen for you to practice your hacking skills.

When you're ready, the OSCP awaits. The coveted Offensive Security Certified Professional certification, made and managed by the folks at Offensive Security — who also maintain Kali Linux — offers hands-on training using Kali and a 24-hour exam where students must hack into vulnerable targets in order to pass.

The OSCP is not for the faint of heart. It's for a good reason their motto is "Try Harder." If you decide to go for the cert, expect to work for it.

Special Kali features

Kali supports all sorts of useful edge case you might not have even thought of, including ARM support (slice of Raspberry Pi, anyone?), a forensics mode when you need the bits to provably remain unchanged, a "Kali for Android" called NetHunter that looks to be the new big thing, Amazon EC2 AWS images, and even support for braille.

Most of these are advanced use cases a beginner is not likely to need, or even need to know, but the Kali universe is vast and popular. There seems no end in sight to its future growth.

As for the name? Mum's the word. "Hindu Goddess of time and change? Philippine martial art? Cool word in Swahili? None of the above," the founders write. "'Kali' is simply the name we came up with for our new distribution."

Copyright © 2020 IDG Communications, Inc.

Subscribe today! Get the best in cybersecurity, delivered to your inbox.